Method and device for managing a pairing request of a first device with a second device

ABSTRACT

A method for managing a request to pair a first item of equipment with a second item of equipment is implemented by a device for managing a pairing request. The managing device is configured to communicate with the first item of equipment via an optical communication channel. The managing method includes: reception, via the optical communication channel, of a pairing request including data representative of the identity of the first item of equipment; and if the pairing request is authorized, transmission, via the optical communication channel, of a security key to the first item of equipment to be used during communications between the first item of equipment and the second item of equipment once the items of equipment have been paired.

CROSS-REFERENCE TO RELATED APPLICATIONS

This Application is a Section 371 National Stage Application ofInternational Application No. PCT/FR2021/051022, filed Jun. 7, 2021,which is incorporated by reference in its entirety and published as WO2021/255363 A1 on Dec. 23, 2021, not in English.

FIELD OF THE DISCLOSURE

The present invention relates to a method for managing a request to paira first item of equipment with a second item of equipment.

It further relates to a device for managing a pairing requestimplementing the aforementioned method.

The invention is in particular applicable to items of equipmentcommunicating by means of radio waves, in a professional context, forexample in meeting rooms or offices, but also in a domestic context.

BACKGROUND OF THE DISCLOSURE

In order to secure communications between two items of equipmentcommunicating using wireless technology, it is necessary to implement apairing phase during which data are exchanged between the items ofequipment in order to determine a security key. This security key willbe used during communications between the items of equipment.

The pairing phase between two items of equipment may be initiated invarious ways. For example, the pairing phase may be started by a useraction such as pressing a button, switching on the item of equipment, orentering a PIN code.

During this pairing phase, the items of equipment are vulnerable toattacks that may compromise the security of subsequent exchanges betweenthe items of equipment. For example, a third party may observe theexchanges between the two items of equipment and generate the securitykey that will be used in subsequent exchanges between the items ofequipment. In another example, a third-party item of equipment operatedby a malicious user may pair with an access point, without a legitimateitem of equipment noticing. Thus, an item of equipment seeking to pairwith its access point may connect to a malicious access point withoutthe user of the item of equipment being informed.

The present invention proposes to improve this situation by securingpairing requests between items of equipment.

SUMMARY

To this end, the invention relates, according to a first aspect, to amethod for managing a request to pair a first item of equipment with asecond item of equipment implemented by a device for managing a pairingrequest, said managing device being configured to communicate with thefirst item of equipment via an optical communication channel. Themanaging method comprises:

-   reception, via the optical communication channel, of a pairing    request comprising data representative of the identity of the first    item of equipment, andif the pairing request is authorized,    transmission, via the optical communication channel, to the first    item of equipment, of a security key to be used during    communications between the first item of equipment and the second    item of equipment once the items of equipment have been paired.

As the first item of equipment and the managing device establish anoptical communication channel, the messages exchanged between them aredifficult for a third party to intercept.

Specifically, an optical communication channel is created when aphotoreceiver receives a signal from a light source. For the opticalcommunication channel to be created, the photoreceiver must be locatedwithin the region illuminated by the light source. There must be noobstacle, such as a wall, between the light source and thephotoreceiver. If an obstacle is present between the light source andthe photoreceiver, the optical communication channel cannot beestablished.

Thus, for the two-way optical communication channel to be establishedbetween the first item of equipment and the managing device, aphotoreceiver integrated into the device for managing a pairing requestmust be in the region of a light source integrated into the first itemof equipment and a photoreceiver integrated into the first item ofequipment must be in the region illuminated by a light source integratedinto the managing device.

Consequently, the exchanges between the device for managing a pairingrequest and the first item of equipment are difficult for a third partyto observe. Furthermore, pairings resulting from malicious acts arelimited. In other words, there is a low chance of a malicious thirdparty intercepting messages exchanged between the first item ofequipment and the managing device, and hence of successfully pairingwith the second item of equipment or of masquerading as the first itemof equipment.

Consequently, communication between the device for managing a pairingrequest and the first item of equipment is secure, especially withrespect to communications carried out via radio waves, this type of wavebeing omnidirectional.

If the pairing request is refused, pairing is not implemented.

If the pairing request is authorized, pairing is implemented. Duringpairing, the managing device sends the first item of equipment securitykeys associated with the second item of equipment. These security keyswill be used during communications between the first item of equipmentand the second item of equipment once the items of equipment have beenpaired. Specifically, the security key is used to encrypt andauthenticate subsequent communications between the first item ofequipment and the second item of equipment.

In one embodiment, the managing device has a list, which is for examplestored in memory, containing the security keys of the items of equipmentto which it is connected, and in particular of the second item ofequipment.

In another embodiment, the first item of equipment and the second itemof equipment exchange security keys via said managing device. In otherwords, the managing device receives, from the second item of equipment,the security key to be transmitted to the first item of equipment.

In one embodiment, the managing device is configured to communicate withthe second item of equipment via a wired communication channel.

Thus, the exchanges between the managing device and the second item ofequipment are secure. Furthermore, unlike the communications via theoptical communication channel, the relative position of the managingdevice and of the second item of equipment is not subject toconstraints, and they may be installed as desired. For example, themanaging device and the second item of equipment may be placed indifferent rooms. Furthermore, the managing device and the second item ofequipment may be located remotely. Therefore, the first item ofequipment and the second item of equipment may be located remotely andpaired in a secure manner via the managing device.

In another embodiment, the managing device is configured to communicatewith the second item of equipment via an optical communication channel.

This embodiment has the advantage of avoiding the need to install wireswhile guaranteeing secure communications between the managing device andthe second item of equipment.

It will be noted that the security key is transmitted via the opticalcommunication channel established between the managing device and thefirst item of equipment and that the items of equipment then communicatevia a radio communication channel, or via the managing device, using thesecurity key. Specifically, once they have been paired, the items ofequipment communicate using the security key received by the first itemof equipment via the optical communication channel.

According to one feature, the data representative of the identity of thefirst item of equipment comprise a certificate associated with the firstitem of equipment.

Thus, the pairing request comprises the certificate associated with thefirst item of equipment.

According to another feature, the data representative of the identity ofthe first item of equipment further comprise a sequence of datarepresentative of a fingerprint uniquely identifying said first item ofequipment.

Thus, the pairing request comprises a fingerprint uniquely identifyingthe first item of equipment, in addition to the certificate.

In other embodiments, the pairing request comprises either thecertificate, or the fingerprint identifying the first item of equipment.

According to one feature, the managing method comprises storing thereceived certificate in association with the received fingerprint.

For example, the certificate and the fingerprint are stored in adatabase. This database may be in the managing device or connected tothe managing device.

According to one feature, the sequence of data representative of thefingerprint is generated by the first item of equipment, prior to thetransmission of the pairing request to the managing device.

The fingerprint (and the sequence of data representative of thefingerprint) may be generated each time a pairing request is sent to themanaging device. The same fingerprint, which is an identifier unique tothe first item of equipment, is generated each time and said fingerprintremains the same over time.

For example, the fingerprint generated is an optical fingerprint,generation of the fingerprint comprising illuminating a transparent arealocated in the first item of equipment, the fingerprint corresponding toa single image generated by illuminating said area.

According to one feature, said at least one verification of the dataidentifying the first item of equipment comprises verifying thepossession of a private key associated with the certificate, by thefirst item of equipment.

The pairing request is authorized if the first item of equipmentpossesses said private key. Thus, the request to pair the first item ofequipment is authorized, if the first item of equipment has proof ofpossession of the private key associated with said certificate.

According to one feature, the verification of the possession of theprivate key comprises:

-   transmitting, to the first item of equipment, a first datum that is    randomly generated on receipt of the pairing request,-   receiving, from the first item of equipment, a second datum    corresponding to the first datum encrypted,-   decrypting the second datum with a public key contained in the    received certificate, and-   if the second datum decrypted corresponds to the generated first    datum, determining that the first item of equipment has the private    key in its possession.

According to one feature, said at least one verification of the dataidentifying the first item of equipment comprises verifying whether thereceived certificate was issued by a predetermined certificationauthority.

The pairing request is authorized if the verification result ispositive.

For example, the predetermined certification authority belongs to a listof trusted certification authorities stored in the managing device.

According to one feature, said at least one verification of the dataidentifying the first item of equipment comprises verifying whether thefirst item of equipment associated with the received certificate isauthorized to pair.

In practice, the verification comprises consulting, in a database, dataassociated with the certificate, and determining, depending on the dataassociated with the certificate, whether the first item of equipmentassociated with the certificate is authorized to pair via the managingdevice.

According to one feature, said at least one verification comprisesverifying whether the fingerprint has been previously received inassociation with a certificate different from said certificate receivedin the pairing request.

Depending on the result of the aforementioned verifications, themanaging device determines whether the pairing request may be authorizedor must be refused. According to embodiments, one or more of theverifications described above are implemented.

For example, the pairing request is refused if the first item ofequipment does not possess the private key associated with thecertificate (for example if the managing device sends a random datum tothe first item of equipment for it to encrypt with the private keyassociated with the certificate, then decryption of the encrypted datumsent in return fails when the public key contained in the previouslysent certificate is used), or if the certification authority has notbeen declared valid beforehand or if the received fingerprint has beenpreviously received in association with a certificate different fromsaid certificate received in the pairing request.

According to embodiments, the pairing request is authorized if the firstitem of equipment possesses the private key associated with thecertificate (for example if the encrypted random data in the response ofthe first item of equipment to the challenge sent by the managing deviceis able to be decrypted with the public key of the certificate), and/orif the certification authority has been declared valid beforehand and/orif the received fingerprint has not previously been received inassociation with a certificate different from the certificate receivedin the pairing request.

According to one feature, the managing method comprises determining aregion in which the first item of equipment is located, and modifyingthe illumination generated by at least one light source of the managingdevice, in order to visually identify said region in which the firstitem of equipment is located.

For example, if the pairing request is authorized, the light sources ofthe managing device are configured to illuminate the region in which thefirst item of equipment is located.

Thus, an item of equipment making a pairing request may be identifiedvisually.

According to one feature, the managing method comprises modifying theillumination generated by at least one light source of the managingdevice, to visually indicate whether the pairing request has beenauthorized or refused.

For example, different colors may be selected for the light emitted byat least one light source of the managing device to indicate whether thepairing request has been authorized or refused.

According to one feature, if the pairing request is authorized, themanaging method further comprises receiving an identity datumidentifying the user of the first item of equipment and verifying theidentity of the user depending on said received identity datum.

This feature adds security to the exchanges between the items ofequipment.

According to one feature, if the pairing request is authorized, themanaging method further comprises transmitting at least a second pairingrequest to a third item of equipment connected by a wired connection tothe managing device.

Thus, once the first item of equipment has been paired with the seconditem of equipment, it is possible to pair the first item of equipmentwith other items of equipment connected to the managing device via awired link.

According to another feature, if the pairing request is authorized, themanaging method further comprises transmitting at least a second pairingrequest to a third item of equipment connected by an optical connectionto the managing device.

Thus, once the first item of equipment has been paired with the seconditem of equipment, it is possible to pair the first item of equipmentwith other items of equipment connected to the managing device via anoptical communication channel.

The present invention relates, according to a second aspect, to a devicefor managing a request to pair a first item of equipment with a seconditem of equipment. The managing device is configured to communicate withthe first item of equipment via an optical communication channel, andcomprises:

-   a receiving module configured to receive, via the optical    communication channel, a pairing request comprising data    representative of the identity of the first item of equipment,-   an authorizing module configured to authorize or refuse the pairing    request depending on the result of said at least one verification of    the data representative of the identity of the first item of    equipment, and-   a transmitting module configured to transmit, via the optical    communication channel, a security key to the first item of    equipment, if the pairing request is authorized.

According to one embodiment, the transmitting module is furtherconfigured to transmit to the first item of equipment a first datumgenerated randomly on receipt of the pairing request.

According to one feature, the managing device comprises a verifyingmodule configured to verify whether the first item of equipmentpossesses the private key associated with the certificate.

According to one embodiment, the verifying module is configured to:

-   receive, from the first item of equipment, a second datum    corresponding to the first datum encrypted,-   decrypt the second datum with a public key contained in the received    certificate, and-   determine that the first item of equipment possesses the private    key, if the decrypted second datum corresponds to the generated    first datum.

According to one feature, the verifying module is further configured toverify whether the received certificate was issued by a predeterminedcertification authority.

According to one feature, the verifying module is further configured toverify whether the first item of equipment associated with the receivedcertificate is authorized to pair.

For example, the verifying module is configured to consult, in adatabase, data associated with said certificate, and to determine,depending on the data associated with said certificate, whether thecertificate is authorized to pair via said managing device.

According to one feature, the verifying module is configured to verifywhether the fingerprint has been previously received in association witha certificate different from said certificate received in the pairingrequest.

According to one feature, the managing device further comprises adetermining module configured to determine a region in which the firstitem of equipment is located, and an illumination-modifying moduleconfigured to modify the illumination generated by at least one lightsource of the managing device, in order to visually identify said regionin which the first item of equipment is located.

According to one feature, the illumination-modifying module isconfigured to modify the illumination generated by at least one lightsource of the managing device, to visually indicate whether the pairingrequest has been accepted or refused.

According to one feature, the managing device further comprises a secondverifying module configured to verify the identity of the user of thefirst item of equipment.

According to one feature, the managing device further comprises atransmitting module configured to transmit at least a second pairingrequest to a third item of equipment connected by a wired connection tothe managing device.

The features of the managing method and of the managing device below maybe implemented in isolation or in combination with one another.

The present invention relates, according to a third aspect, to an itemof equipment such as an access gateway comprising a managing deviceaccording to the invention.

The item of equipment comprising the managing device may be any otherconnected object or item of equipment.

The present invention relates, according to a fourth aspect, to acomputer program able to be implemented on a managing device, theprogram comprising code instructions for implementing the steps of themanaging method according to the invention, when it is executed by aprocessor.

The present invention relates, according to a fifth aspect, to a datamedium readable by a processor in a managing device, on which is storeda computer program comprising code instructions for implementing thesteps of the managing method according to the invention, when it isexecuted by the processor.

The managing device, the gateway, the computer program and the datamedium have features and advantages analogous to those described abovein relation to the managing method.

BRIEF DESCRIPTION OF THE DRAWINGS

Other particular features and advantages of the invention will becomemore clearly apparent in the following description. In the appendeddrawings, which are given by way of non-limiting examples:

FIG. 1 schematically illustrates the context of the invention,

FIG. 2 is a schematic showing the first item of equipment, the seconditem of equipment and a managing device according to one embodiment ofthe invention,

FIG. 3 illustrates steps of the managing method according to oneembodiment of the invention,

FIG. 4 a illustrates a hardware architecture able to implement themanaging method according to the invention, and

FIG. 4 b is a functional depiction of a managing device according to oneembodiment of the invention.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

FIG. 1 shows a set of items of equipment 10-13 configured to implementradio-wave communications. These items of equipment 10-13 may form alocal area network 100, or LAN, such as a home network or a businessnetwork. One of the items of equipmen is an access gateway 13 allowingthe items of equipment 11-12 of the local area network 100 to access awide area network 200, or WAN, such as the Internet.

In the example shown, the local area network 100 is formed by a mobiletelephony terminal 10, a surveillance camera 11, a laptop computer 12and an access gateway 13. Other items of equipment (not shown) may formpart of the local area network 100, such as a tablet, a printer, anaudio speaker, a television decoder, a television set, a games console,a household appliance, a sensor (of temperature, brightness, humidity,etc.), or any other connected object, that is to say any objectconfigured to transmit or receive information via a communicationnetwork.

These items of equipment may communicate with one another by means ofradioelectric waves, via the local area network 100 or via two-wayexchanges.

The items of equipment 10-13 for example use the IP protocol (IPstanding for Internet Protocol) to communicate with one another and tocommunicate with the wide area network 200. They may also communicatewith each other according to wireless communication standards such asWi-Fi or Bluetooth, inter alia.

The access gateway 13 is configured to allow the items of equipment10-12 to send requests to a server 20 in the wide area network 200 andto receive in return responses from the server 20. By way ofillustration, the server 20 is a server through which content, such asaudio or video content, electronic messages or websites, is madeavailable.

At least one of the items of equipment 10-13 is configured to establishan optical communication channel CO1 with a light source 30.

A single light source 30 has been shown in FIG. 1 . Of course, thenumber of light sources may be different.

In particular, as shown in FIG. 2 , the first item of equipment 10comprises an optical emitter and a photoreceiver.

In the example shown, the first item of equipment 10 is a mobiletelephony terminal of smartphone type. The other items of equipment 11,12, 13 are, in this example, a surveillance camera 11, a laptop computer12 and an access gateway 13 and are connected to the light source 30 viawired links CL3, CL2 and CL1, respectively.

In another embodiment (not illustrated), all of the items of equipmentare linked to the light source via optical means. In this embodiment,each item of equipment communicates with the managing device via anoptical communication channel.

FIG. 2 schematically represents a first item of equipment 10, a seconditem of equipment 13 and a light source 30.

In the described example, the first item of equipment 10 is a mobiletelephony terminal and the second item of equipment 13 an access gateway13.

Of course, the invention is not limited to these items of equipment andis applicable to other items of equipment as indicated below.

The light source 30 is for example an LED lamp (LED standing forLight-Emitting Diode) or a “spot light”, i.e. a light ensuring localizedillumination. The light source 30 is configured, in addition to emittinglight for the primary purpose of providing illumination, to passinformation by means of the light. In one embodiment, the light source30 is configured to send information using Li-Fi technology (Li-Fistanding for Light Fidelity) or equivalent technologies. In Li-Fitechnology, data are encoded and sent via modulation of the amplitude ofthe light signal.

The light source 30 may comprise a plurality of light-emitting diodes orLEDs. According to embodiments, the light-emitting diodes may have thesame color or different colors. The colors of the light-emitting diodesmay be used to convey visual information to the users of the items ofequipment. For example, as will be described below, diodes of one colormay emit light while a pairing request is being processed, or uponsuccess or failure of a pairing request, etc.

In one embodiment, the light-emitting diodes form an optical emitterEO_30. Furthermore, the light source 30 comprises an optical receiver orphotoreceiver RO_30 for receiving light signals from light sources ofthe items of equipment 10-13. The photoreceiver RO_30 is configured todemodulate the received signal and to obtain the data sent. For thephotoreceiver RO to receive data, it must be located in the regionilluminated by the light source sending the data.

The light source 30 further comprises a control module CTRL_30comprising electronic circuits configured to implement the method formanaging a pairing request according to the invention. This method willbe described below with reference to FIG. 3 . Thus, the light source 30forms a device for managing a pairing request. This managing device 30may be integrated into an item of equipment, into the access gateway 13inter alia for example, or may be independent of the items of equipment10-13 as shown in FIG. 1 in which the managing device is a spot light.

In the embodiment shown, the terms managing device, light source andspot light correspond to the same device 30.

In the embodiment shown, the second item of equipment 13 is connected tothe spot light 30 by means of a wired connection. For example, thiswired connection is an Ethernet or PLC connection (PLC standing forPower-Line Communication).

The first item of equipment 10 comprises an optical emitting module oroptical emitter EO_10, and an optical receiving module, optical receiveror photoreceiver RO_10.

It will be noted that in order for the first item of equipment 10 andthe spot light 30 to be able to establish a communication channel CO1,the photoreceiver RO_30 of the spot light 30 must be located in theregion illuminated by the optical emitter EO_10 of the first item ofequipment 10, and the photoreceiver RO_10 of the first item of equipment10 must be in the region illuminated by the optical emitter EO_30 of thespot light 30.

By region illuminated by an optical emitter, what is meant is the regionthat receives the light beams emitted by the optical emitter, or theregion in which an optical receiver is able to receive the light beamsemitted by the optical emitter.

The first item of equipment further comprises a radio transmitter and aradio receiver E/R_R_10 allowing radio communication (or communicationby means of radio waves) with other items of equipment 11-13, and inthis embodiment shown with the second item of equipment 13.

The second item of equipment 13 also comprises a radio transmitter and aradio receiver E/R_R_13 allowing radio communication (or communicationby means of radio waves) with other items of equipment 10-12, and inthis embodiment shown with the first item of equipment 10.

It will be noted that the items of equipment 10 and 13 and the spotlight 30 are equipped with communication interfaces (not illustrated)configured to implement the aforementioned communications. Thus, in theembodiment described, the first item of equipment 10 comprises a firstinterface suitable for optical communications and a second interfacesuitable for radio communications. The spot light 30 comprises a firstinterface suitable for optical communications and a second interfacesuitable for wired communications. The second item of equipment 20comprises a first interface suitable for wired communications and asecond interface suitable for radio communications. Furthermore, thesecond item of equipment 20 comprises a third interface suitable forconducting communications with the wide area communications network 200.In particular, this third interface allows the devices 10-12 of thelocal area network 100 to send requests to servers 40 in the wide areanetwork and to receive responses.

FIG. 3 illustrates steps of the method for managing a request to pairthe first item of equipment 10 with the second item of equipment 13,according to one embodiment. The managing method is implemented by themanaging device 30, the managing device being in one embodiment a spotlight.

When the first item of equipment 10 asks to pair with the second item ofequipment 13, the managing device 30 receives E10 a pairing request fromthe first item of equipment 10.

In one embodiment, the pairing request R1 is received by the managingdevice 30 via an optical communication channel CO1 (FIGS. 1 and 2 ).

The pairing request comprises data DAT_ID representative of the identityof the first item of equipment 10.

The data DAT_ID representative of the identity of the first item ofequipment 10 make it possible to uniquely identify this first item ofequipment 10.

In one embodiment, the data representative of the identity of the firstitem of equipment 10 comprise a certificate CERT associated with thefirst item of equipment 10.

The certificate CERT was generated beforehand for this first item ofequipment by a certification authority, in association with a public keyK2. This public key K2 is contained in the certificate CERT and makes itpossible to decrypt data encrypted with the private key K1. Thus, apublic key and a private key are associated with the certificate CERT.

According to one embodiment, the managing device 30 comprises a list oftrusted certification authorities, including the certification authoritythat generated the certificate CERT associated with the first item ofequipment 10.

This list of certification authorities may be updated.

Certificates and encryption algorithms are known to those skilled in theart and will not be described here.

Thus, in one embodiment, the pairing request R1 sent to the managingdevice 30 comprises the certificate CERT associated with the first itemof equipment.

In one embodiment, the data DAT_ID representative of identity furthercomprises a fingerprint PUF that uniquely identifies the first item ofequipment 10.

Thus, in this embodiment, the pairing request R1 comprises thecertificate CERT and the fingerprint PUF uniquely identifying the firstitem of equipment 10.

The fingerprint PUF may be defined as a sequence of data uniquelyidentifying the first item of equipment. This fingerprint is generatedE0 by the first item of equipment prior to the transmission of a pairingrequest. The same fingerprint is generated each time and it remains thesame over time.

In one embodiment, the fingerprint associated with the first item ofequipment 10 is generated using a PUF (PUF standing for PhysicalUnclonable Function). Electronic components are all different in theirphysical structure. During the manufacture of electronic components,physical variations occur; these variations make it possible todifferentiate between otherwise identical electronic componentsmanufactured at the same time using identical manufacturing processes.

A physical unclonable function or PUF may be defined as a physicalentity in an electronic component. This physical unclonable function orPUF is used to generate of the PUF fingerprint.

In one embodiment, the fingerprint is generated by means of an opticalphysical unclonable function or optical PUF present in the first item ofequipment 10. An optical PUF is formed by a transparent material dopedwith light-scattering particles. When light passes through thistransparent area, an image is generated by illuminating this area. Thisarea being unique (or unclonable), the generated image is unique to eachoptical PUF and consequently to each item of equipment.

The sequence of data representative of the generated image forms thefingerprint PUF.

Optical PUFs and generation of a fingerprint of this type are known tothose skilled in the art and will not be described in detail here.

In a known manner, the optical PUFs are located downstream of theoptical emitter. Thus, the generated image is related to imperfectionsin the optical lens of the optical emitter.

According to one embodiment, the fingerprint PUF is generated each timethe first item of equipment 10 transmits. Thus, the fingerprint PUF isgenerated each time a pairing request R1 is sent to the managing device30.

According to another embodiment, the fingerprint PUF may only begenerated the first time a request to pair an item of equipment is made.In this embodiment, the managing device stores in memory the fingerprintassociated with the item of equipment with a view to implementing theverifications required for future pairings.

When the managing device receives E10 a pairing request, it extracts thedata identifying the first item of equipment 10. In this embodiment, themanaging device 30 extracts the certificate CERT, and the fingerprintPUF uniquely identifying the first item of equipment 10.

In other embodiments, the received pairing request comprises only one ofthe aforementioned data identifying the first item of equipment.

In one embodiment, the managing device 30 stores the receivedcertificate CERT in association with the received fingerprint PUF.

For example, the certificate and the fingerprint are stored in thememory of the managing device 30 or in a database connected to themanaging device 30. For example, the database may be located in a server20 connected to the managing device 30 via the second item of equipment13. In another embodiment, the server may be connected directly to themanaging device or via an item of equipment other than the second itemof equipment.

The managing device 30 receiving the pairing request R1 implements averification E20 of the data identifying the first item of equipment 10.

The verification implemented differs depending on the embodiment.

Depending on the embodiment, the verification E20 may comprise:

-   verifying E21 whether the first item of equipment 10 possesses the    private key K1 associated with the certificate CERT,-   verifying E22 whether the certification authority that issued the    certificate CERT is present in a list of trusted certification    authorities stored in the managing device,-   verifying E23 whether the first item of equipment associated with    the received certificate CERT is authorized to pair, and-   verifying E24 whether the fingerprint PUF has been previously    received in association with a certificate different from the    certificate CERT received in the pairing request R1.

The verification E20 comprises at least one of the verificationoperations E21, E22, E23, E24 mentioned above. Furthermore, allcombinations may be possible.

In the embodiment described, the verification E20 comprises verifyingwhether the first item of equipment 10 possesses the private key K1associated with the certificate CERT, whether the certificationauthority that issued the certificate CERT is present in a list oftrusted certification authorities, verifying (not illustrated) whetherthe first item of equipment associated with the received certificateCERT is authorized to pair and whether the fingerprint PUF has beenpreviously received in association with a certificate different from thecertificate CERT received in the pairing request R1 (verifications E21,E22, E23 and E24).

The verifications consisting in verifying whether the device associatedwith the received certificate CERT is authorized to pair or whether thefingerprint PUF has been previously received in association with adifferent certificate may be implemented by consulting, in a database,data associated with the certificate CERT. Depending on the dataassociated with the certificate CERT, it may be determined whether thecertificate CERT is authorized for pairing via the managing device 30.

The database may be none other than the database in which the receivedcertificates CERT and fingerprints PUF are stored in association, or adifferent database.

By way of non-limiting example, the data associated with the certificatecomprise the certification authority that issued the certificate, aserial number contained in the certificate, the name of the user of thefirst item of equipment and an identifier of the managing device. Thus,it may be verified whether a user of the first terminal is authorized topair via the managing device. The identifier of the managing device maybe an identifier of a meeting room in which the managing device isplaced.

Depending on the result of the verification E20, the managing device 30determines E30 whether the pairing request is authorized or refused.

In the embodiment shown, if the first item of equipment 10 possesses theprivate key associated with the certificate CERT included in the pairingrequest R1, if the certification authority has been previously declaredas valid, if the certificate CERT may be used for pairing and if thefingerprint received has not been previously received in associationwith a certificate different from the certificate received in thepairing request, the pairing request is authorized E30.

If the result of one of the verifications E21, E22, E23, E24 isnegative, i.e. if the first item of equipment 10 possesses the privatekey K1 associated with the certificate CERT included in the pairingrequest R1, or if the certification authority has not been previouslydeclared as valid, or if the certificate CERT may be used for pairing,or if the fingerprint received has been previously received inassociation with a certificate different from said certificate receivedin the pairing request, the pairing request is refused E30.

In one embodiment, possession of the private key is verified E21 asfollows.

The managing device 30, upon receipt of the pairing request R1, randomlygenerates a datum and transmits it to the first item of equipment 10.The first item of equipment 10 encrypts this datum and transmits it tothe managing device 30. To verify whether the first item of equipment 10possesses the private key associated with the certificate CERT receivedin the pairing request R1, the managing device 30 decrypts the receiveddatum using the public key associated with the certificate CERT, thispublic key being contained in the certificate CERT. If the obtaineddatum corresponds to the datum that it previously generated and sent tothe first item of equipment 10, the managing device determines that thefirst item of equipment possesses the private key. If on the contrarythe obtained datum does not correspond to the datum that it previouslygenerated and sent to the first item of equipment 10, the managingdevice determines that the first item of equipment does not possess theprivate key.

The managing device 30 sends E40 a response, via the opticalcommunication channel CO1, to the first item of equipment 10 informingit of the authorization or refusal of the pairing request. Next, themanaging device 30 sends E50 to the first item of equipment 10identification data of the second item of equipment 20, for example itsservice set identifier (SSID) or a security key. These identificationdata of the second item of equipment 13 allow communications between thefirst item of equipment 10 and the second item of equipment 13 to besecured once they have been paired.

By way of non-limiting example, the managing device 30 may send a WPAkey (WPA standing for Wi-Fi Protected Access) of the gateway 13 (seconditem of equipment).

In one example in which the managing device and the second item ofequipment are integrated into the same device, the managing device maysend the first item of equipment a security key associated with themanaging device, the key of the spot light for example.

Once the first item of equipment 10 has the identification data of thesecond item of equipment 13, it is able to establish a connection withthe second item of equipment 13 and to send it its own identificationdata.

In one embodiment, the exchanges between the first item of equipment 10and the managing device 30 are carried out according to a Diffie-Hellmanprotocol.

In particular, the first item of equipment 10 and the managing device 30use the Diffie-Hellman protocol to compute a key, called the sessionkey. This session key is used for exchanges between the first item ofequipment 10 and the managing device 30. In this embodiment, the firstitem of equipment 10 sends to the managing device 30 the pairing requestR1 encrypted with the computed session key. Furthermore, the managingdevice 30 sends to the first item of equipment 10 the identificationdata of the second item of equipment 13 encrypted with the session key.

Furthermore, the exchanges between the first item of equipment 10 andthe managing device 30 required to verify the possession of the privatekey K1 associated with the certificate CERT by the first item ofequipment 10 are implemented using the computed session key.

In certain embodiments, the managing device comprises in memory theidentification data of the items of equipment to which it is connected.In other embodiments, the identification data are obtained by themanaging device during the implementation of the method for managing apairing request, so that it may exchange the identification data betweenthe first item of equipment and the second item of equipment.

Next, the first item of equipment 10 and the second item of equipmentmay communicate via a radio communication channel CR1.

In certain embodiments, when the pairing request has been validated, anidentity datum identifying the user of the first item of equipment 10 isverified.

This feature adds security to the exchanges between the items ofequipment.

The first item of equipment and the second item of equipment may furthercommunicate via the optical communication channel established betweenthe first item of equipment and the managing device and the wiredcommunication channel between the managing device and the second item ofequipment. The managing device functions as an intermediary between thefirst item of equipment and the second item of equipment.

Thus, these communication channels that were used previously during thepairing phase continue to be used subsequently during phases ofcommunication. It may be very useful to use these communicationchannels, for example for communications in environments wherecommunications by radio must be avoided, for example in hospitals,crèches or the like. In the illustrated embodiment, once the first itemof equipment has been paired with the second item of equipment, thefirst item of equipment 10 may either communicate with the second itemof equipment via the radio communication channel CR1, or via themanaging device 30, i.e. via the optical communication channel CO1 andthe wired communication channel CL1.

The managing device 30 may determine E100 the region in which the firstitem of equipment is located. This information is determined by thephotoreceiver RO_30 of the managing device. Depending on thisinformation, the illumination generated by at least one light source ofthe managing device (or spot light) 30 is modified E101 to visuallyidentify the region in which the first item of equipment 10 is located.

For example, a first group of light sources or LEDs may turn on and asecond group of light sources or LEDs may turn off so as to illuminateonly the region in which the first item of equipment 10 is located.

Thus, an item of equipment initiating pairing may be identifiedvisually. By virtue of this feature, an unauthorized user may be easilyspotted.

In certain embodiments, the color of the light emitted by the spot lightmay change depending on the result of the verification E20. This featuremakes it possible to indicate visually whether the pairing request hasbeen accepted or refused.

For example, different colors may be selected for the light emitted byat least one light source of the managing device 30 to indicate whetherthe pairing request has been accepted or refused.

In one embodiment, when the pairing request has been validated, themanaging method further comprises transmitting at least a second pairingrequest to a third item of equipment 11, 12 connected by a wiredconnection to the managing device 30.

For example, the managing device 30 comprises a list of items ofequipment 11-13 to which it is connected. Once the pairing request fromthe first item of equipment 10 has been validated, the user of the firstitem of equipment 10 may select at least one second item of equipmentfrom the list, with a view to initiating a pairing request.

This new pairing request may not require the verifications carried outpreviously to be implemented again, for example if the new pairingrequest is transmitted in the same session. In this case, pairing withother items of equipment is thus achieved rapidly.

According to one variant, once pairing with the second item of equipment13 as requested by the first item of equipment 10 has been authorized,pairing with the other items of equipment 11, 12 connected to themanaging device 30 occurs automatically.

This makes it possible to efficiently and securely pair with a number ofitems of equipment.

FIG. 4 a schematically illustrates a hardware architecture of a managingdevice 30 able to implement the managing method according to theinvention.

The managing device 30 comprises an optical receiver or photoreceiverRO_30, an optical emitter EO_30 and a control module CTRL_30. Thiscontrol module CTRL_30 comprises a communication bus 300 to which areconnected:

-   a processing unit 301, called CPU in the figure (CPU standing for    Central Processing Unit), possibly comprising one or more    processors;-   a non-volatile memory 302, for example a read-only memory (ROM), an    electrically erasable programmable read-only memory (EEPROM) or a    flash memory;-   a random-access memory 303 or RAM;-   an input/output interface 304, called I/O in the figure, for example    keys or buttons, a screen, a keypad, a mouse or another pointing    device such as a touchscreen or a remote controller allowing a user    to interact with the managing device 30 via a graphical interface or    a human-machine interface; and-   communication interfaces 305, called COM in the figure, suitable for    exchanging data for example with the first item of equipment 10,    with the second item of equipment 13, or with a database DB via a    communication network 100, 200. These communication interfaces 305    are in particular configured to establish optical communication    channels CO1, radio communication channels CR1 or wired    communication channels CL1, CL2, CL3.

The random-access memory 303 contains registers suitable for storingvariables and parameters that are created and modified during theexecution of a computer program comprising instructions for implementingthe managing method according to the invention. The instruction codes ofthe program stored in the non-volatile memory 302 are loaded into thememory RAM 303 in order to be executed by the processing unit CPU 301.

The non-volatile memory 302 is for example a rewritable EEPROM memory orflash memory able to constitute a medium within the meaning of theinvention, i.e. able to comprise a computer program comprisinginstructions for implementing the managing method according to theinvention. The rewritable memory may for example comprise a database inwhich certificates CERT are stored in association with fingerprints PUF,or comprising a list of items of equipment connected to the managingdevice 30, or a list of authorized certification authorities. Thisdatabase may be updated as pairing requests are received.

This program, by way of its instructions, defines functional modules ofthe managing device 30 that are implemented and/or control the hardwareelements described above. FIG. 4 b is a functional representation of adevice 30 for managing a pairing request according to one embodiment.

These modules especially comprise:

-   a receiving module 31 configured to receive, via the optical    communication channel CO1, a pairing request comprising data    representative of the identity of the first item of equipment 10,-   an authorizing module 32 configured to authorize or refuse the    pairing request depending on the result of said at least one    verification E20 of the data representative of the identity of the    first item of equipment 10, and-   a transmitting module 33 configured to transmit, via the optical    communication channel CO1, a security key to the first item of    equipment 10, if the pairing request is authorized.

In one embodiment, the transmitting module 33 is further configured totransmit to the first item of equipment a first datum generated randomlyon receipt of the pairing request R1.

According to embodiments, the managing device comprises a verifyingmodule 34 configured to:

-   verify whether the first item of equipment possesses the private key    associated with the certificate, for example by verifying whether a    received encrypted datum is able to be decrypted with a public key    contained in the certificate,-   verify whether the certificate was issued by a predetermined    certification authority,-   verify whether the first item of equipment associated with the    received certificate is authorized to pair, or-   verify whether the fingerprint has been previously received in    association with a certificate different from said certificate    received in the pairing request.

The managing device 30 may further comprise, depending on theembodiment:

-   a determining module 35 configured to determine a region in which    the first item of equipment is located, and an    illumination-modifying module configured to modify the illumination    generated by at least one light source of the managing device, in    order to visually identify said region in which the first item of    equipment is located, and/or-   a second verifying module 36 configured to identify the user    depending on said received identity datum, and/or-   a transmitting module 37 configured to transmit at least a second    pairing request to a third item of equipment connected by a wired    connection to the managing device.

The aforementioned modules and means are controlled by the processor ofthe processing unit 301. They may take the form of a program able to beexecuted by a processor, or the form of hardware, such as anapplication-specific integrated circuit (ASIC), a system on chip (SoC),or a programmable logic circuit such as a field-programmable gate array(FPGA).

The first item of equipment 10 also comprises a communication bus towhich there are connected a processing unit or microprocessor, anon-volatile memory, a random-access memory or RAM, and a communicationinterface suitable in particular for exchanging data with the managingdevice 30. The first item of equipment 10 may for example send to themanaging device 30 a request to pair with a second item of equipment 13.Furthermore, the first item of equipment 10 may receive messages fromthe managing device 30, for example with a view to informing it whetherthe pairing request has been accepted or refused or to sending itcryptographic keys.

In certain embodiments, the managing device 30 is integrated into thesecond item of equipment 13, this second item of equipment being, by wayof nonlimiting example, an access gateway.

Although the present disclosure has been described with reference to oneor more examples, workers skilled in the art will recognize that changesmay be made in form and detail without departing from the scope of thedisclosure and/or the appended claims.

1. A method for managing a request to pair a first item of equipmentwith a second item of equipment, which is implemented by a managingdevice for managing a pairing request, said managing device beingconfigured to communicate with the first item of equipment via anoptical communication channel, said managing method comprising:receiving, via said optical communication channel, a pairing requestcomprising data representative of an identity of the first item ofequipment; and in response to the pairing request being authorized,transmitting, via said optical communication channel, to the first itemof equipment, a security key to be used during communications betweenthe first item of equipment and the second item of equipment once theitems of equipment have been paired.
 2. The method according to claim 1,wherein said data representative of the identity of the first item ofequipment comprise a certificate associated with the first item ofequipment.
 3. The method according to claim 2, wherein said datarepresentative of the identity of the first item of equipment comprise asequence of data representative of a fingerprint uniquely identifyingsaid first item of equipment.
 4. The method according to claim 3,wherein said sequence of data is generated by said first item ofequipment prior to the transmission of said pairing request to saidmanaging device.
 5. The method according to claim 2, comprisingauthorizing or refusing the pairing request depending on a result of atleast one verification of said data representative of the identity ofthe first item of equipment comprising verifying whether the first itemof equipment possesses a private key associated with said certificate.6. The method according to claim 2, comprising authorizing or refusingthe pairing request depending on a result of at least one verificationof said data representative of the identity of the first item ofequipment comprising verifying whether said certificate was issued by apredetermined certification authority.
 7. The method according to claim2, comprising authorizing or refusing the pairing request depending on aresult of at least one verification of said data representative of theidentity of the first item of equipment comprisescomprising verifyingwhether the first item of equipment associated with the receivedcertificate is authorized to pair.
 8. The method according to claim 3,comprising authorizing or refusing the pairing request depending on aresult of at least one verification of said data representative of theidentity of the first item of equipment comprising verifying whethersaid sequence of data representative of a fingerprint has beenpreviously received in association with a certificate different fromsaid certificate received in said pairing request.
 9. The methodaccording to claim 1, comprising determining a region in which the firstitem of equipment is located, and modifying an illumination generated byat least one light source of said managing device, in order to visuallyidentify said region in which the first item of equipment is located.10. The method according to claim 1, wherein, in response to the pairingrequest being authorized, the managing method further comprisestransmitting at least a second pairing request to a third item ofequipment connected by a wired connection to the managing device (30).11. A managing device for managing a request to pair a first item ofequipment with a second item of equipment, the managing device beingconfigured to communicate with said first item of equipment via anoptical communication channel, and comprising: a processor; and anon-transitory computer readable medium comprising instructions storedthereon which when executed by the processor configure the managingdevice to: receive, via the optical communication channel, a pairingrequest comprising data representative of an identity of the first itemof equipment; and transmit, via said optical communication channel, tothe first item of equipment, in response to the pairing request beingauthorized, a security key to be used during communications between thefirst item of equipment and the second item of equipment once the itemsof equipment have been paired.
 12. (canceled)
 13. A non-transitory datamedium readable by a processor in a managing device, on which is storeda computer program comprising code instructions for implementing amanaging method for managing a request to pair a first item of equipmentwith a second item of equipment, when it the computer program isexecuted by the processor, wherein the managing device is configured tocommunicate with the first item of equipment via an opticalcommunication channel, and said managing method comprises: receiving,via said optical communication channel, a pairing request comprisingdata representative of an identity of the first item of equipment; andin response to the pairing request being authorized, transmitting, viasaid optical communication channel, to the first item of equipment, asecurity key to be used during communications between the first item ofequipment and the second item of equipment once the items of equipmenthave been paired.
 14. An item of equipment comprising the managingdevice according to claim 11.